// For flags

CVE-2011-5000

openssh: post-authentication resource exhaustion bug via GSSAPI

Severity Score

3.5
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and earlier, when gssapi-with-mic authentication is enabled, allows remote authenticated users to cause a denial of service (memory consumption) via a large value in a certain length field. NOTE: there may be limited scenarios in which this issue is relevant.

La función de ssh_gssapi_parse_ename en GSS-serv.c en OpenSSH v5.8 y versiones anteriores, cuando gssapi-with-mic de autenticación está activada, permite a usuarios remotos autenticados provocar una denegación de servicio (excesivo consumo de memoria) a través de un valor demasiado grande en un campo de longitud determinada. NOTA: puede haber escenarios limitados en el que este tema es relevante.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-12-24 CVE Reserved
  • 2012-04-04 CVE Published
  • 2023-08-31 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
<= 5.8
Search vendor "Openbsd" for product "Openssh" and version " <= 5.8"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
1.2
Search vendor "Openbsd" for product "Openssh" and version "1.2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
1.2.1
Search vendor "Openbsd" for product "Openssh" and version "1.2.1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
1.2.2
Search vendor "Openbsd" for product "Openssh" and version "1.2.2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
1.2.3
Search vendor "Openbsd" for product "Openssh" and version "1.2.3"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
1.2.27
Search vendor "Openbsd" for product "Openssh" and version "1.2.27"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
1.3
Search vendor "Openbsd" for product "Openssh" and version "1.3"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
1.5
Search vendor "Openbsd" for product "Openssh" and version "1.5"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
1.5.7
Search vendor "Openbsd" for product "Openssh" and version "1.5.7"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
1.5.8
Search vendor "Openbsd" for product "Openssh" and version "1.5.8"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.0
Search vendor "Openbsd" for product "Openssh" and version "3.0"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.0.1
Search vendor "Openbsd" for product "Openssh" and version "3.0.1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.0.1p1
Search vendor "Openbsd" for product "Openssh" and version "3.0.1p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.0.2
Search vendor "Openbsd" for product "Openssh" and version "3.0.2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.0.2p1
Search vendor "Openbsd" for product "Openssh" and version "3.0.2p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.0p1
Search vendor "Openbsd" for product "Openssh" and version "3.0p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.1
Search vendor "Openbsd" for product "Openssh" and version "3.1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.1p1
Search vendor "Openbsd" for product "Openssh" and version "3.1p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.2
Search vendor "Openbsd" for product "Openssh" and version "3.2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.2.2
Search vendor "Openbsd" for product "Openssh" and version "3.2.2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.2.2p1
Search vendor "Openbsd" for product "Openssh" and version "3.2.2p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.2.3p1
Search vendor "Openbsd" for product "Openssh" and version "3.2.3p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.3
Search vendor "Openbsd" for product "Openssh" and version "3.3"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.3p1
Search vendor "Openbsd" for product "Openssh" and version "3.3p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.4
Search vendor "Openbsd" for product "Openssh" and version "3.4"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.4p1
Search vendor "Openbsd" for product "Openssh" and version "3.4p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.5
Search vendor "Openbsd" for product "Openssh" and version "3.5"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.5p1
Search vendor "Openbsd" for product "Openssh" and version "3.5p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.6
Search vendor "Openbsd" for product "Openssh" and version "3.6"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.6.1
Search vendor "Openbsd" for product "Openssh" and version "3.6.1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.6.1p1
Search vendor "Openbsd" for product "Openssh" and version "3.6.1p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.6.1p2
Search vendor "Openbsd" for product "Openssh" and version "3.6.1p2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.7
Search vendor "Openbsd" for product "Openssh" and version "3.7"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.7.1
Search vendor "Openbsd" for product "Openssh" and version "3.7.1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.7.1p1
Search vendor "Openbsd" for product "Openssh" and version "3.7.1p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.7.1p2
Search vendor "Openbsd" for product "Openssh" and version "3.7.1p2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.8
Search vendor "Openbsd" for product "Openssh" and version "3.8"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.8.1
Search vendor "Openbsd" for product "Openssh" and version "3.8.1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.8.1p1
Search vendor "Openbsd" for product "Openssh" and version "3.8.1p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.9
Search vendor "Openbsd" for product "Openssh" and version "3.9"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.9.1
Search vendor "Openbsd" for product "Openssh" and version "3.9.1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
3.9.1p1
Search vendor "Openbsd" for product "Openssh" and version "3.9.1p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.0
Search vendor "Openbsd" for product "Openssh" and version "4.0"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.0p1
Search vendor "Openbsd" for product "Openssh" and version "4.0p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.1
Search vendor "Openbsd" for product "Openssh" and version "4.1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.1p1
Search vendor "Openbsd" for product "Openssh" and version "4.1p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.2
Search vendor "Openbsd" for product "Openssh" and version "4.2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.2p1
Search vendor "Openbsd" for product "Openssh" and version "4.2p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.3
Search vendor "Openbsd" for product "Openssh" and version "4.3"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.3p1
Search vendor "Openbsd" for product "Openssh" and version "4.3p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.3p2
Search vendor "Openbsd" for product "Openssh" and version "4.3p2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.4
Search vendor "Openbsd" for product "Openssh" and version "4.4"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.4p1
Search vendor "Openbsd" for product "Openssh" and version "4.4p1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.5
Search vendor "Openbsd" for product "Openssh" and version "4.5"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.6
Search vendor "Openbsd" for product "Openssh" and version "4.6"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.7
Search vendor "Openbsd" for product "Openssh" and version "4.7"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.8
Search vendor "Openbsd" for product "Openssh" and version "4.8"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
4.9
Search vendor "Openbsd" for product "Openssh" and version "4.9"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
5.0
Search vendor "Openbsd" for product "Openssh" and version "5.0"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
5.1
Search vendor "Openbsd" for product "Openssh" and version "5.1"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
5.2
Search vendor "Openbsd" for product "Openssh" and version "5.2"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
5.3
Search vendor "Openbsd" for product "Openssh" and version "5.3"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
5.4
Search vendor "Openbsd" for product "Openssh" and version "5.4"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
5.5
Search vendor "Openbsd" for product "Openssh" and version "5.5"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
5.6
Search vendor "Openbsd" for product "Openssh" and version "5.6"
-
Affected
Openbsd
Search vendor "Openbsd"
Openssh
Search vendor "Openbsd" for product "Openssh"
5.7
Search vendor "Openbsd" for product "Openssh" and version "5.7"
-
Affected